Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice

X

When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

How to implement ISO9001 - Quality Management System

ISO9001 for quality management is the world’s most recognised international standard. It demonstrates that your organization can consistently provide products and services that meet your customer needs and adhere to regulatory requirements. If you are looking to win more business, reduce costs and improve productivity, then ISO9001 is the right option.

There are 4 main stages to implement ISO9001 Quality Management System (QMS) within an organization. Within each stage there are a number of requirements that must be achieved before going for certification.

Implement ISO9001 in four stages infographic

 

Stage One

Stage one is the planning stage as you prepare your gap assessments, identify your scope, role out your employee awareness campaigns and learn the steps to implement ISO9001.

Gap assessment

You need to know what you already have in place prior to producing a project plan.  The gap assessment will provide you with that information. This is also useful information to help gain buy-in from senior management, as you will be able to produce a clearer idea of the resources and time required to get ready for certification.

Action plan

Once you have the support from senior management an action plan to cover all the outstanding requirements identified in the gap assessment is produced.  As with all project plans, this should set out what needs doing, time frames and the person responsible for doing it.

Scope and interested parties

It is important to know what the QMS is going to cover. It may not cover every aspect of the business and the scope should clearly state what is in and out of the QMS.

Interested parties need to be identified. These are entities, people, or organizations, that could have an influence on, or requirement from the QMS.  These must be identified and documented.

Employee awareness

This is also a good time to deliver employee awareness presentations.  Change affects people in different ways, so a series of awareness sessions that explains to the employees what is happening, why it is happening, the benefits and what it means to them early on will help to gain their buy-in and assistance.

Stage Two

Stage two is working through the project plan. The main requirements here are:

Mapping current processes

If you haven’t already mapped your processes, now is the time to do it.  Processes that have an impact on the quality of your products or services may need to be documented in the form of Standard Operating Procedures (SOP). This will also help identify where processes interact with each other that could have an impact upon the QMS.

Documents

Documents that are required by the QMS, these include SOPs, forms, minutes of meetings, spreadsheets, etc., must be identified and properly referenced.  There is a clear requirement within ISO9001 for document control and a numbering protocol for all QMS documentation must be implemented.

Risk and opportunities

Risks and opportunities for the interested parties identified early must be reviewed, with actions to address those risks and potential opportunities. This would include identifying a responsible person to implement those actions and monitor the results.

Objectives

QMS objectives need to be devised. It is important to remember these are objectives to improve the QMS and are not Business Objectives.  These must be documented, timebound and measurable.

Roles and responsibilities

The roles and responsibilities of those who are closely involved in the QMS must be defined and any additional training identified and undertaken to ensure that these individuals are competent in their allocated positions.

Stage Three

Stage three is the embedment of the QMS.  Effectively the test drive of the system to check that everything you have done previously is working, and that you’re well on your way to implementing ISO9001.

Gap assessment review

If you haven’t done so already, this is a good time to do another gap assessment to check there is nothing missing.  Sometimes it is easy to overlook something when you are busy in other areas.  This can be crossed checked against the outcomes of the project plan.

Internal audits

Prior to certification you must have had at least one internal audit and evidence of doing so. There are a couple of ways of doing this depending on size and resource. If you are a small business, you may opt to hire an external consultant to come in and conduct the internal audits. If you are a bigger business, then you could have two or more of your employees trained to be internal auditors. They must be from different departments/divisions as they cannot audit their own area.  One will also need to be trained as a lead auditor.

You should try and audit each area that is covered by the QMS before the certification audit.  This is a good opportunity to ensure that everything is in place and any problems ironed out.

Management review meeting

Another requirement prior to certification is to conduct a management review of the QMS.  This should happen after some internal audits have taken place.  All areas of the QMS should be reviewed, including the effectiveness of the QMS objectives and the results of internal audits.

Stage Four

A final check of your QMS, then if you are happy it is time to look for a Registered Certification Body (RCB).  There are many out there and some may specialise in your business sector. Prices may also vary widely, so research and gathering quotes is recommended. Once you have decided upon your RCB and engaged them they will explain the certification process. This is a two-part process.

Part one

The RCB will review the QMS documentation. If you have a lot of documented processes and forms, they will look at a sample of them.  If the documentation passes their assessment, you will proceed to part two.

Part two

The audit. The RCB will visit the site, or sites and conduct the certification audit.  This will include checking you are compliant with the requirements of the standard, the awareness of the QMS with staff, actions you have taken when you have identified problems through internal audits have been completed and that your objectives are relevant and being reviewed.

On completion of a successful audit, you will be issued with your certificate.  The certification cycle lasts for three years. ISO standards are all about continual improvement, so annually for two years after your certification the RCB will conduct a surveillance audit to check that you are still compliant, and on year three you will have a full re-certification audit where you will be presented with a renewed certificate.

 


How can CertiKit help with your QMS?

If you’re looking to implement a QMS, CertiKit can help with our ISO9001 toolkit, consultancy and internal auditing services.

Download our free 10 step guide today for more information about the standard and to learn:

  1. Each step of the process from project planning to the certification audit
  2. Expert tips from the CertiKit team on best practise for easy implementation
  3.  Key insights into building a successful QMS

Free Guide - ISO9001: 10 Steps to Certification

  • Privacy Policy

    X

    When you request to download our free ISO9001: 10 steps to certification guide, we use your name, company name (which is optional), phone number, country and your email address to email you a link to download the requested document. We may also email or call you after your download in order to follow up on your interest in our products and services. We will do this based on our legitimate interest in marketing to prospects for our products and services. Your name and email address are stored on our website which is hosted with Digital Ocean. Your personal data is stored for one year after you requested your download, after which it is deleted.

We’ve helped more than 4000 businesses with their compliance

Testimonials

The toolkit was perfect in delivering the correct process to our business, preventing thousands spent on consultants delivering the same toolkit. It also played a massive part in speeding up our compliance in GDPR.

G3 Comms Limited
UK

View all Testimonials